From 417464c63915f6c049b63b19521d5ba73865ad96 Mon Sep 17 00:00:00 2001
From: WanWanYun <wanwanyun@example.com>
Date: Thu, 13 Nov 2025 01:22:36 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DSSL=E8=AF=81=E4=B9=A6?=
 =?UTF-8?q?=E7=94=B3=E8=AF=B7=E5=A4=B1=E8=B4=A5=E5=90=8E=E4=BB=8D=E6=98=BE?=
 =?UTF-8?q?=E7=A4=BA=E6=88=90=E5=8A=9F=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

问题描述:
- Certbot申请证书失败后,脚本误报为成功
- 导致后续Nginx配置时找不到证书文件而失败退出

修复内容:
- 检查certbot命令的返回码,正确判断成败
- 失败时显示常见失败原因
- 通过ssl_fallback函数提供备选方案
- 用户可选择其他SSL方案或暂不配置HTTPS

改进逻辑:
1. certbot执行成功 → 配置HTTPS
2. certbot执行失败 → 调用ssl_fallback
3. ssl_fallback提供选项:
   - 尝试其他SSL方案(acme.sh等)
   - 暂不配置HTTPS(使用HTTP模式)
4. SSL_METHOD=8时正确使用HTTP配置

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 install.sh | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/install.sh b/install.sh
index dae76fd..4cfeaf7 100644
--- a/install.sh
+++ b/install.sh
@@ -1215,13 +1215,23 @@ deploy_certbot() {
     esac
 
     # 申请证书
-    certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos --email "admin@${DOMAIN}" --redirect
-
-    # 配置自动续期
-    systemctl enable certbot.timer
-
-    print_success "Certbot SSL证书部署成功"
-    return 0
+    echo ""
+    if certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos --email "admin@${DOMAIN}" --redirect; then
+        # 配置自动续期
+        systemctl enable certbot.timer 2>/dev/null || true
+        print_success "Certbot SSL证书申请成功"
+        return 0
+    else
+        print_error "Certbot SSL证书申请失败"
+        echo ""
+        print_warning "常见失败原因:"
+        echo "  1. 域名未正确解析到此服务器"
+        echo "  2. 防火墙阻止了80/443端口"
+        echo "  3. Nginx未正确配置"
+        echo "  4. Let's Encrypt速率限制"
+        echo ""
+        return 1
+    fi
 }
 
 deploy_acme_letsencrypt() {